BIND 8.2: 99% server load when lame delegation occurs (reprised)
Barry Margolin
barmar at bbnplanet.com
Fri Jun 4 23:58:30 UTC 1999
In article <Pine.BSI.4.05.9906041709560.16895-100000 at hq.capu.net>,
John N Dvorak <dvorak at capu.net> wrote:
>Sorry. Quick typing, poor thinking on my part. I meant to say that
>InterNIC points to two public servers:
>
>ns.capu.net
>ns2.capu.net
>
>Both of which are slaves, not that that should matter.
I thought you said that there was no entry for the domain on your servers.
How can they be slaves if there's no entry? I presume they're slaves for
all the domains that *are* installed on them.
>When a request for this domain is received, the loop begins, resulting
>in a temporary DOS.
I just did:
dig gruppo.com a @ns.capu.net +norecurse
and it didn't seem to cause a loop, it just returned the NS records in the
Authority section.
>This is true for all lame delegations, BTW, and I can reproduce the result
>with 100% success.
Do you have customers who use these servers as caching servers? If so,
they'll send recursive queries to these servers, which might be starting
this loop. This is one of the reasons why it's good for an ISP to use
different machines for caching and authoritative. You can then turn off
recursion on the authoritative servers.
--
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list